<?php
header("Content-Type:text/html; charset=utf-8");
include_once('inc/init.php');
if(!isLogin()){
	exit("您还没有登录。");
}

$action=strFilter($_GET["action"]);
switch($action){

	case "modifyPass":
		$opass=strFilter($_POST["oldpass"]);
		$npass=strFilter($_POST["userpass"]);
		if($opass==""||$npass==""){
			echo("请填写旧密码和新密码。");
		}
		else{
			$row=$db->row_select_one("users","id={$lg['userid']}");
			if($row==null){
				exit("非法操作，用户不存在。");
			}
			$opass=encrypt($row['username'],$opass);
			if($opass!=$row['userpass']){
				exit("旧密码错误。");
			}else{
				//可以修改密码
				$tmp['userpass']=encrypt($row['username'],$npass);
				$db->row_update("users",$tmp,"id={$row['id']}");
				echo("y");
			}	
		}
	break;
	
	case "modifyDetails":
		$user = $_POST['user'];
		if(getPopedom(5)==0){
			$user['usertitle']='';
		}

		if($user["email"]==""){
			exit("资料不完整。");
		}
		
		foreach(explode(",", $cache_settings['reservedkeyword']) as $rkey){
			if(!empty($rkey) && stristr($user['usertitle'],$rkey)){
				exit("自定义头衔含有禁用关键字");
			}
		}

		$db->row_update("users",$user,"id={$lg['userid']}");
		echo("y");
		
	break;	
	

	case "saveMsg":
		//允许发送短信
		if(getPopedom(3)==0){
			exit("您所在的用户组没有权限发送短信。");
		}

		$msg['title']=strFilter($_POST['title']);
		$msg['content']=strFilter($_POST['content']);
		$tousername=strFilter($_POST['tousername']);
		$row=$db->row_select_one("users","username='{$tousername}'");
		if(empty($msg['title'])||empty($msg['content'])||empty($tousername)){
			echo("请填写完整收件人/标题/内容");
		}else if(empty($row)){
			echo("收件人不存在。");
		}else{
			$msg['touserid']=$row['id'];
			$msg['fromuser']=$lg['username'];
			$msg['fromuserid']=$lg['userid'];
			$msg['posttime']= time();
			$db->row_insert("msgs",$msg);
			echo("y");
		}
	break;
	
	case "deleteMsgs":
		$msgids=$_POST['msgids'];
		//DELETE
		if(is_array($msgids)) {
			$delids=implode(",",$msgids);
			$db->row_delete("msgs","id in ($delids) and touserid={$lg['userid']}");
		}
		echo("y");
	break;

	case "sendInvite":
		$invite['fromuserid']=$lg['userid'];
		$invite['fromusername']=$lg['username'];
		$invite['touserid']=numFilter($_POST['touserid']);
		$invite['invitetype']=numFilter($_POST['invitetype']);
		$invite['content']=strFilter($_POST['content']);
		$invite['createtime']= time();

		if(empty($invite['touserid'])||empty($invite['invitetype'])){
			echo("资料不完整");
		}else{
			$db->row_insert("invite",$invite);
			echo("y");
		}
	break;


	case "acceptInvite":
		$id=numFilter($_POST['id']);
		$row=$db->row_select_one("invite","id={$id} and touserid={$lg['userid']}");
		if($row==null){
			echo("非法操作。");
			return;
		}
		$invite['inviteresult']=1;
		$db->row_update("invite",$invite,"id={$id}");

		$friend['userid']=$row['fromuserid'];
		$friend['friid']=$lg['userid'];
		$friend['friname']=$lg['username'];
		$friend['createtime']= time();

		$db->row_insert("friend",$friend);
		echo("y");

	break;

	case "rejectInvite":
		$id=numFilter($_POST['id']);
		$row=$db->row_select_one("invite","id={$id} and touserid={$lg['userid']}");
		if($row==null){
			echo("非法操作。");
			return;
		}
		$invite['inviteresult']=2;
		$db->row_update("invite",$invite,"id={$id}");
		echo("y");
	break;

	case "ignoreInvite":
		$id=numFilter($_POST['id']);
		$row=$db->row_select_one("invite","id={$id} and touserid={$lg['userid']}");
		if($row==null){
			echo("非法操作。");
			return;
		}
		$invite['inviteresult']=2;
		$db->row_update("invite",$invite,"id={$id}");
		echo("y");
	break;

	case "addFans":
		$fan['fanid']=$lg['userid'];
		$fan['fanname']=$lg['username'];
		$fan['userid']=numFilter($_GET['touserid']);
		//$fan['content']=strFilter($_POST['content']);
		$fan['createtime']= time();
		if(empty($fan['userid'])){
			echo("资料不完整");
			return;
		}

		$row=$db->row_select_one("fans","userid={$fan['userid']} and fanid={$fan['fanid']}");
		if(empty($row)){
			$db->row_insert("fans",$fan);
		}
		else{
			$db->row_update("fans",$fan,"id={$row['id']}");
		}
		echo("y");
	break;
	
	case "postVote":
		$voteitemid=$_POST['voteitemid'];
		$tid=numFilter($_GET['tid']);
		$voterow=$db->row_select_one("votes","tid={$tid}");
		if($voterow['starttime']>$_SYS['time'] || $voterow['stoptime']<$_SYS['time'] ){
			exit("该投票已经过期。");
		}

		if(is_array($voteitemid) && count($voteitemid)<=$voterow['maxvotes']){
			
		}else{
			exit("您最多只能选 {$voterow['maxvotes']} 项。");
		}
		
		$rows=$db->row_select("voteitems","tid={$tid}");
		foreach($rows as $row){
			if(stristr(",{$row['voteuids']},", ",{$lg['userid']},")){
				exit("您已经投过票了，请不要重复投票。");
			}
		}
		foreach($rows as $row){
			if(in_array($row['id'],$voteitemid)){
				$db->query_unbuffered("update `{$db->pre}voteitems` set votenum=votenum+1, voteuids=CONCAT(voteuids,'{$lg[userid]},') where id={$row['id']}");
			}
		}
		$db->query_unbuffered("update `{$db->pre}votes` set voteusernum=voteusernum+1 where tid={$tid}");
		updateCredits($lg['userid'], 'votevar');
		echo("y");
	break;

	case "setBestAnswer":
		$tid=numFilter($_GET['tid']);
		$postid=numFilter($_GET['postid']);
		$rewardrow=$db->row_select_one("reward","tid={$tid} and userid={$lg['userid']}");
		if(empty($rewardrow)){
			exit("帖子不存在。");
		}elseif($rewardrow['bestid']>0){
			exit("该悬赏的问题已经解决。");
		}
		$postrow=$db->row_select_one("posts","id={$postid}");
		if(empty($postrow)){
			exit("回复不存在。");
		}elseif($postrow['userid']==$lg['userid']){
			exit("不能选择自己的回复作为最佳答案。");
		}
		//更新最佳答案
		$rewardobj['bestid']=$postid;
		$db->row_update("reward", $rewardobj, "tid={$tid}");

		//最佳答案的用户获取悬赏积分。
		$db->query_unbuffered("update `{$db->pre}users` set {$rewardrow['rewardcredits']}={$rewardrow['rewardcredits']}+{$rewardrow['reward']} where id={$postrow['userid']}");

		$topicobj['isresolved']=1;
		$db->row_update("topics", $topicobj, "id={$tid}");

		echo("y");
	break;

	case "deleteAttachment":
		$id=numFilter($_GET['id']);
		$encryptstr=strFilter($_GET['encrypt']);
		$row = $db->row_select_one("attachments","id={$id} and userid={$lg['userid']}");
		if(!empty($row) && md5($row['filepath'].$row['uploadtime'])==$md5str){
			$attachpath = INC_P."/../uploadfile/attachment/{$row['filepath']}";
			if(file_exists($attachpath)){
				unlink($attachpath);
			}
			$db->row_delete("attachments","id={$id}");
			echo("y");
		}else{
			echo("操作失败");
		}
	break;

	default:
		echo"No Such Action";
	break;
}
?>
